VPN Vulnerability Shows Need for Software Defined Perimeter

Posted on June 6, 2019 | Featured

The Department of Homeland Security issued a warning last month about VPN packages from F5, Palo Alto, Pulse, and Cisco. According to Network World, these packages might fail to properly secure tokens and cookies. This could enable cyber criminals to break into and control an end user’s system.

Vulnerabilities like these reveal the need for modern
technologies and techniques like Zero Trust and Zero Trust Network Access
(ZTNA), also known as Software Defined Perimeter (SDP).

Zero Trust

Zero Trust goes beyond securing the borders of a network and
treats even devices and users within the network as suspect. Zero Trust
accomplishes this in part by limiting access to network resources to only those who
need them and by verifying policy compliance as well as both user and device identity.

This technique could have limited access to networks
involved in these breaches, thereby mitigating or even preventing cyberattacks
on these networks. Learn more about Zero Trust from Impulse’s article, What is the Zero Trust
Model.

Zero Trust Network Access

ZTNA works to implement the Zero Trust model by limiting
users’ access to only necessary resources. This can limit the access of
possible cyber criminals exploiting vulnerabilities like the ones outlined by
the Department of Homeland Security. ZTNA also relies upon methods of restricting
access to resources until after device identity and compliance are verified.
ZTNA solutions can often even go so far as segmenting networks to the point
that there is a “perimeter of one” around each user on a network.

This means that methods like the one found by the Department
of Homeland Security involving unsecured tokens and cookies would be less likely
to work, as the security of devices is verified before network connection. Learn
more about Impulse’s own ZTNA solution on Impulse’s SafeConnect SDP Product page.